Merge pull request #61 from ubuntu/package-nss-c-library

Package NSS C library
ubuntu · Sep 8, 2022 · 6865782 · 6865782
2 parents 01e967f + b0c04db
commit 6865782
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 56 deletions.
diff --git a/conf/aad.conf.template b/conf/aad.conf.template
@@ -1,16 +1,23 @@
-# required values
-tenant_id = <TENANT_ID>
-app_id = <APPLICATION OR CLIENT ID>
+### required values
+## See https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
+## for more information on how to set up an Azure AD app.
+# tenant_id = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+# app_id = yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy
 
-# optional values
-offline_credentials_expiration = 90
-homedir = /home/%u
-shell = /bin/bash
+### optional values (defaults)
+# offline_credentials_expiration = 90 ; duration in days a user can log in without online verification
+# homedir = /home/%f ; home directory pattern for the user, the following mapping applies:
+#                    ; %f - full username
+#                    ; %U - UID
+#                    ; %l - first char of username
+#                    ; %u - username without domain
+#                    ; %d - domain
+# shell = /bin/bash ; default shell for the user
 
-# overriding values for a specific domain, every value inside a section is optional
-[someDomain.com]
-tenant_id = <TENANT_ID for someDomain.com>
-app_id = <APP OR CLIENT ID for someDomain.com>
-offline_credentials_expiration = <expiration interval for someDomain.com>
-homedir = /home/someDomain/%u
-shell = /bin/ssh
+### overriding values for a specific domain, every value inside a section is optional
+# [domain.com]
+# tenant_id = aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
+# app_id = bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
+# offline_credentials_expiration = 30
+# homedir = /home/domain.com/%u
+# shell = /bin/zsh
diff --git a/debian/control b/debian/control
@@ -8,6 +8,8 @@ Build-Depends: debhelper-compat (= 13),
                golang-go (>= 2:1.18~),
                libpam0g-dev (>= 1.4),
                libc6-dev (>= 2.35),
+               libglib2.0-dev (>= 2.72.1),
+               pkg-config (>= 0.29.2),
 Standards-Version: 4.6.0.1
 XS-Go-Import-Path: github.com/ubuntu/aad-auth
 Homepage: https://github.com/ubuntu/aad-auth

diff --git a/debian/copyright b/debian/copyright
@@ -100,10 +100,6 @@ Copyright: 2012-2020 Mat Ryer
            Tyler Bunnell and contributors.
 License: MIT
 
-Files: vendor/github.com/termie/*
-Copyright: Andy Smith
-License: MIT
-
 Files: vendor/*golang.org/*
 Copyright: 2009-2020 The Go Authors.
 License: BSD-3

diff --git a/debian/libnss-aad.install b/debian/libnss-aad.install
@@ -1 +1,2 @@
 usr/lib/*/libnss_aad.so.2
+usr/libexec/aad-auth
diff --git a/debian/libnss-aad.postrm b/debian/libnss-aad.postrm
@@ -18,7 +18,7 @@ remove_nss_entry() {
     fi
     sed -i --regexp-extended '
       /^(passwd|group|shadow):/ {
-        s/\baad\b//g
+        s/\s?\baad\b\s?/ /g
         s/[[:space:]]+$//
       }
     ' /etc/nsswitch.conf

diff --git a/debian/libnss-aad.symbols b/debian/libnss-aad.symbols
@@ -13,24 +13,14 @@ libnss_aad.so.2 libnss-aad #MINVER#
  _nss_aad_setgrent@Base 0.1
  _nss_aad_setpwent@Base 0.1
  _nss_aad_setspent@Base 0.1
- authorizerTrampoline@Base 0.1
- callbackTrampoline@Base 0.1
- commitHookTrampoline@Base 0.1
- compareTrampoline@Base 0.1
- crosscall2@Base 0.1
- (arch=arm64 riscv64)crosscall1@Base 0.1
- (arch=amd64)crosscall_amd64@Base 0.1
- (arch=i386)crosscall_386@Base 0.1
- (arch=armhf)crosscall_arm1@Base 0.1
- (arch=ppc64el)crosscall_ppc64@Base 0.1
- (arch=s390x)crosscall_s390x@Base 0.1
- doneTrampoline@Base 0.1
- fatalf@Base 0.1
- preUpdateHookTrampoline@Base 0.1
- rollbackHookTrampoline@Base 0.1
- stepTrampoline@Base 0.1
- updateHookTrampoline@Base 0.1
- (regex|optional)"_sqlite3_*" 0.1
- (regex|optional)"sqlite3_*" 0.1
- (regex|optional)"x_cgo.*" 0.1
- (regex|optional)"_cgo.*" 0.1
+ all_grp_entries@Base 0.1
+ all_grp_entries_index@Base 0.1
+ all_pwd_entries@Base 0.1
+ all_pwd_entries_index@Base 0.1
+ all_spwd_entries@Base 0.1
+ all_spwd_entries_index@Base 0.1
+ fetch_info@Base 0.1
+ grp_search@Base 0.1
+ pwd_search@Base 0.1
+ run_aad_auth@Base 0.1
+ spwd_search@Base 0.1
diff --git a/debian/rules b/debian/rules
@@ -1,12 +1,16 @@
 #!/usr/bin/make -f
 #export DH_VERBOSE = 1
 
-export GOCACHE=$(shell mktemp -d /tmp/gocache-XXXX)
+export GOCACHE := $(shell mktemp -d /tmp/gocache-XXXX)
 export GOFLAGS := -buildmode=pie
 
-export DEB_BUILD_MAINT_OPTIONS = optimize=-lto
-# strict symbols checking
-export DPKG_GENSYMBOLS_CHECK_LEVEL=4
+export DEB_BUILD_MAINT_OPTIONS := optimize=-lto
+
+# Strict symbols checking
+export DPKG_GENSYMBOLS_CHECK_LEVEL := 4
+
+# Copy in build directory all content to embed
+export DH_GOLANG_INSTALL_ALL := 1
 
 %:
 	dh $@ --buildsystem=golang --with=golang,apport
@@ -21,26 +25,33 @@ override_dh_auto_build:
 	go build -ldflags='-extldflags -Wl,-soname,pam_aad.so' -buildmode=c-shared -o pam_aad.so ./pam
 
 	# Build NSS library
-	go build -ldflags='-extldflags -Wl,-soname,libnss_aad.so.2' -buildmode=c-shared -o libnss_aad.so.2 ./nss
+	make -C nss/
 
 	# Build the CLI
 	# DH_GOLANG_BUILDPKG=github.com/ubuntu/aad-auth/cmd/aad-auth dh_auto_build
 
+	# Build the NSS helper binary
+	DH_GOLANG_BUILDPKG=github.com/ubuntu/aad-auth/nss/aad-auth dh_auto_build
+
 override_dh_auto_install:
 	dh_auto_install -- --no-source
 
 	# Install PAM module configuration
 	mkdir -p debian/tmp/usr/share/pam-configs
 	cp debian/libpam-aad.pam-auth-update debian/tmp/usr/share/pam-configs/aad
 
-	# Comment configuration and install it to /etc
+	# Install configuration template to /etc
 	mkdir -p debian/tmp/etc
-	sed -e 's/^\(\)/# \1/' conf/aad.conf.template > debian/tmp/etc/aad.conf
+	cp conf/aad.conf.template debian/tmp/etc/aad.conf
 
 	# Install PAM and NSS libraries
 	mkdir -p debian/tmp/usr/lib/$(DEB_HOST_GNU_TYPE)/security
 	cp pam_aad.so debian/tmp/usr/lib/$(DEB_HOST_GNU_TYPE)/security
-	cp libnss_aad.so.2 debian/tmp/usr/lib/$(DEB_HOST_GNU_TYPE)
+	make install -C nss/ DESTDIR=$(CURDIR)/debian/tmp
+
+	# Install NSS helper to /usr/libexec
+	mkdir -p debian/tmp/usr/libexec
+	mv debian/tmp/usr/bin/aad-auth debian/tmp/usr/libexec
 
 	# Generate and install translations
 	GENERATE_ONLY_INSTALL_TO_DESTDIR=$(CURDIR)/debian/tmp go generate -x ./internal/i18n
diff --git a/nss/Makefile b/nss/Makefile
@@ -1,11 +1,13 @@
-CC=gcc
-CFLAGS=-g -Wall -Wextra $(shell pkg-config --cflags glib-2.0)
-LDFLAGS=$(shell pkg-config --libs glib-2.0)
+CC := gcc
+CFLAGS := -g -Wall -Wextra $(shell pkg-config --cflags glib-2.0)
+LDFLAGS := $(shell pkg-config --libs glib-2.0)
+SCRIPTPATH ?= /usr/libexec/aad-auth
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 
-all: clean libnss_aad.so.2 copy
+all: clean libnss_aad.so.2
 
 libnss_aad.so.2:
-	$(CC) -DSCRIPTPATH=\"/home/u/getent.sh\" passwd.c group.c shadow.c common.c  $(CFLAGS) $(LDFLAGS) -fPIC -shared -Wl,-soname,libnss_aad.so.2 -o libnss_aad.so.2
+	$(CC) -DSCRIPTPATH=\"$(SCRIPTPATH)\" *.c $(CFLAGS) $(LDFLAGS) -fPIC -shared -Wl,-soname,libnss_aad.so.2 -o libnss_aad.so.2
 
 clean:
 	rm -f libnss_aad.so.2
@@ -14,7 +16,8 @@ check:
 	make clean
 	codechecker check -b "make libnss_aad.so.2"
 
-copy:
-	scp libnss_aad.so.2 u@192.168.122.144:~/
-	scp getent.sh u@192.168.122.144:~/
+install: libnss_aad.so.2
+	install -dm 0755 $(DESTDIR)/usr/lib/$(DEB_HOST_GNU_TYPE)
+	install -m 0644 libnss_aad.so.2 $(DESTDIR)/usr/lib/$(DEB_HOST_GNU_TYPE)
 
+.PHONY: all clean check install